package com.adtec.base.cloud.security.jwt;


import com.adtec.base.cloud.security.jwt.config.MyAuthenticationTokenFilter;
import com.adtec.base.cloud.security.jwt.model.JwtProperties;
import com.adtec.base.cloud.security.jwt.service.MyUserDetailsService;
import com.adtec.base.cloud.security.jwt.utils.JWTConstants;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import javax.annotation.Resource;
import java.util.List;

@Configuration
@Order(1)
public class MyWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

    @Resource
    private JwtProperties jwtProperties;
    @Resource
    private MyUserDetailsService myUserDetailsService;

    /**
     * Security不经过过滤器的连接放在这里
     * @param web
     * @throws Exception
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        //全局配置：忽略url
        web.ignoring().antMatchers(
                //静态资源的访问路径
                JWTConstants.CONTROLLER_IMAGE,
                //swagger2
                JWTConstants.CONTROLLER_SWAGGER1,
                JWTConstants.CONTROLLER_SWAGGER2,
                JWTConstants.CONTROLLER_SWAGGER3,
                JWTConstants.CONTROLLER_SWAGGER4,
                JWTConstants.CONTROLLER_SWAGGER5,
                JWTConstants.CONTROLLER_SWAGGER,
                //swagger3
                JWTConstants.CONTROLLER_SWAGGER_3_1,
                JWTConstants.CONTROLLER_SWAGGER_3
        );
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        if (jwtProperties.getCsrfDisabled()) {
            http = http.csrf().disable();
        }

        http.addFilterBefore(
                myAuthenticationTokenFilter(),
                UsernamePasswordAuthenticationFilter.class
        ).authorizeRequests()
                .antMatchers(
                        JWTConstants.CONTROLLER_AUTHENTICATION,
                        JWTConstants.CONTROLLER_REFRESH,
                        JWTConstants.CONTROLLER_ROLES
                ).permitAll();

        List<String> permitAllURI = jwtProperties.getPermitAllURI();
        if (permitAllURI!=null) {
            //通过配置实现的不需要JWT令牌就可以访问的接口
            for (String uri : jwtProperties.getPermitAllURI()) {
                http.authorizeRequests().antMatchers(uri).permitAll();
            }
        }

        //RBAC权限控制级别的接口权限校验
        http.authorizeRequests().anyRequest()
                .access("@rabcService.hasPermission(request,authentication)");

//        http.rememberMe().alwaysRemember(true);
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(myUserDetailsService)
                .passwordEncoder(passwordEncoder());
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }


    @Bean
    public MyAuthenticationTokenFilter myAuthenticationTokenFilter() {
        return new MyAuthenticationTokenFilter(this.myUserDetailsService);
    }

}